CVE-2024-53522
CVE-2024-53522 affects Bangkok Medical Software HOSxP XE, which contains a hardcoded key and IV pair. The vulnerability enables unauthorized access to sensitive data within the HOSxPXE4.exe and HOS-WIN32.INI components. Although the CVSS score is 7.5, indicating high severity, the SOCRadar Vulnerability Risk Score (SVRS) is 68, suggesting elevated but not critical risk. Because the encryption key is hardcoded, exploitation is relatively straightforward for attackers. This flaw could expose patient records, financial data, and other confidential information. Immediate action should include patching or mitigation to prevent data breaches. The significance of CVE-2024-53522 lies in its potential for widespread data compromise within healthcare systems that use the vulnerable software, which demands prompt security measures.
Description
CVE-2024-53522 is a recently disclosed vulnerability with a limited description available at this time. While the CVSS score is currently 0, the SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a moderate risk. The "In The Wild" tag suggests that this vulnerability is actively exploited by hackers.
Key Insights
- Limited Information: The lack of a detailed description makes it difficult to fully understand the nature and scope of CVE-2024-53522.
- Active Exploitation: The "In The Wild" tag implies that attackers are actively exploiting this vulnerability. This highlights the urgent need for mitigation measures.
- Moderate SVRS Score: While the CVSS is 0, the SVRS of 30 indicates a moderate risk. This suggests that while the vulnerability may not be considered critical by traditional metrics, it still poses a potential threat.
- Potential for Wider Impact: The limited information available, coupled with the fact that it is being exploited in the wild, suggests that this vulnerability could potentially affect a wide range of systems or applications.
Mitigation Strategies
- Immediate Patching: As soon as a patch or update is available, it should be applied immediately to all affected systems.
- Network Segmentation: Implementing network segmentation can limit the potential impact of a successful exploit by isolating vulnerable systems from critical infrastructure.
- Enhanced Monitoring: Closely monitor network traffic and system logs for any suspicious activity that could be related to CVE-2024-53522.
- Threat Intelligence: Utilize threat intelligence feeds to stay informed about new attack methods, indicators of compromise (IOCs), and potential exploits related to CVE-2024-53522.
Additional Information
For more information and updated details regarding CVE-2024-53522, please utilize the "Ask to Analyst" feature within SOCRadar, contact SOCRadar directly, or open a support ticket.